dstack icon indicating copy to clipboard operation
dstack copied to clipboard
verified publisher icon dstackai

[Feature] Switch from per-run certificates to wildcard per-project certificates

Open peterschmidt85 opened this issue 1 year ago • 1 comments

  1. Easier to use with Let's Encrypt (the default implementation) – no "Certificates per Registered Domain (50 per week)" limit;
  2. Both Let's Encrypt and ZeroSSL can experience outages, which may disrupt service submissions.

peterschmidt85 avatar Oct 07 '24 14:10 peterschmidt85

The main reason we didn't support wildcard certificates initially is that they do not support HTTP-01 challenge that we can easily automate but only DNS-01 challenge.

Automating DNS-01 challenge is problematic since it would only work with DNS providers explicitly supported by dstack.

And I argue many users would not give dstack control over their DNS zones for policy reasons.

The alternative solution could be having a backup ACME issuer in case of the primary issuer downtimes – this would work both for Sky and OSS users.

r4victor avatar Oct 09 '24 09:10 r4victor

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] avatar Nov 09 '24 01:11 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale. Please reopen the issue if it is still relevant.

github-actions[bot] avatar Nov 23 '24 01:11 github-actions[bot]